
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: k8s-bigip-ctlr
  namespace: kube-system

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: bigip-ctlr-clusterrole
rules:
- apiGroups: ["", "extensions", "networking.k8s.io"]
  resources: ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods", "ingressclasses"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["", "extensions", "networking.k8s.io"]
  resources: ["configmaps", "events", "ingresses/status", "services/status"]
  verbs: ["get", "list", "watch", "update", "create", "patch"]
- apiGroups: ["", "extensions"]
  resources: ["secrets"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
  resources: ["leases"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: bigip-ctlr-clusterrole-binding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: bigip-ctlr-clusterrole
subjects:
- apiGroup: ""
  kind: ServiceAccount
  name: k8s-bigip-ctlr
  namespace: kube-system

---

apiVersion: v1
kind: Secret
metadata:
  name: bigip-login
  namespace: kube-system
stringData:
  url: {{ https://bigip-mgmt-ipaddr }}
  username: admin
  password: {{ admin-password }}
type: Opaque

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8s-bigip-ctlr-c
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: k8s-bigip-ctlr-c-pod
  template:
    metadata:
      name: k8s-bigip-ctlr-c-pod
      labels:
        app: k8s-bigip-ctlr-c-pod
    spec:
      serviceAccountName: k8s-bigip-ctlr
      nodeSelector:
        node-role.kubernetes.io/controlplane: "true"
        # node-role.kubernetes.io/master: "true"
      containers:
        # kubectl logs -f deployment/k8s-bigip-ctlr-c -c k8s-bigip-ctlr-c-pod -n kube-system
        - name: k8s-bigip-ctlr-c-pod
          image: {{ docker_image }}
          imagePullPolicy: IfNotPresent
          env:
            - name: BIGIP_USERNAME
              valueFrom:
                secretKeyRef:
                  name: bigip-login
                  key: username
            - name: BIGIP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: bigip-login
                  key: password
            - name: BIGIP_URL
              valueFrom:
                secretKeyRef:
                  name: bigip-login
                  key: url
          command: ["/f5-kic-linux"]
          args: [
            "--bigip-username=$(BIGIP_USERNAME)",
            "--bigip-password=$(BIGIP_PASSWORD)",
            "--bigip-url=$(BIGIP_URL)",
            "--log-level=debug",
            # "--flannel-name=fl-tunnel",
            "--hub-mode=true",  # ok as well: "--hub-mode"
            "--ignore-service-port"
          ]

        # validate with: curl http://localhost:8081/validate
        - name: as3-parser
          image: f5devcentral/cis-c-as3-parser:latest-amd64-v20231221
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8081
              protocol: TCP
--- 

# expose the Prometheus port with NodePort
apiVersion: v1
kind: Service
metadata:
  name: k8s-bigip-ctlr-c-svc
  namespace: kube-system
spec:
  selector:
    app: k8s-bigip-ctlr-c-pod
  ports:
    - name: k8s-bigip-ctlr-c-metrics
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 30080
  type: NodePort
  

